[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217

On Thu, 2012-06-28 at 19:30 +0100, Alan Cox wrote:
> > > 8. Predisclosure subscription process, and email address criteria
> Email is not a trustworthy medium. The linux security list  was in the
> past intercepted. 

I think it would be wise to add encryption (and the requirement to
provide a key) to the pre-disclosure list. I wonder if mailman has
per-subscriber encryption capabilities.

If not then we should consider moving this particular list to a list
manager which can. Apparently whatever the linux-distros list uses can
do this (judging from


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.